Friday, June 20, 2008

Phishing is a new type of network attack in which criminals use e-mail that appears to come from banks or other organizations to lure unsuspecting users to a fake website. eBay and online banks are the usual targets. The victims are then instructed to log in to their account and enter personal information such as their bank PIN, user ID, credit card password and so on. This information is sent to the criminals, who use it to engage in fraudulent activity.

There are several methods that can help users prevent phishing. The first is to enhance the security of web sites, which can be done through hardware devices. For instance, Barclays Bank provides its users with a hand-held card reader. Users insert their credit card into the card reader and key in their PIN code, and a password is then created. Only when the right password is keyed in can the user perform a transaction online. Other than that, biometric characteristics such as fingerprint and voice can be used for user authentication.

Besides that, detecting phishing Web sites in time, so that they can be blocked, also helps to prevent phishing. Furthermore, users should be educated to understand how phishing attacks work and to be alert when phishing-like e-mails are received. Users should never respond to an e-mail that asks them to enter personal information directly into the e-mail.

An example of a phishing e-mail is shown on the left-hand side. The phisher asks users to update their information in order to maintain their online services and provides a link for them to do so. Some phishers also threaten to close your account if you do not take immediate action by providing personal information.




